← Back to Pulse Feed
PULSE DETAIL
ESET researchers provide technical details on a recent data destruction incident affecting a Polish energy company. They identified new data-wiping malware named DynoWiper, attributed to the Russia-aligned threat group Sandworm with medium confidence. The tactics, techniques, and procedures observed during the DynoWiper incident resemble those seen earlier in an incident involving the ZOV wiper in Ukraine. Sandworm has a history of destructive cyberattacks, targeting various entities including energy providers. The DynoWiper samples focus on the IT environment, with no observed functionality targeting OT industrial components. The attackers deployed additional tools and attempted to use a SOCKS5 proxy. The incident represents a rare case of a Russia-aligned threat actor deploying destructive malware against an energy company in Poland.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
DynoWiper
ZOV wiper
Industroyer2 - S1072
Industroyer2 - S1072
HermeticWiper - S0697
Trojan.Killdisk
DriveSlayer
HermeticRansom
CaddyWiper - S0693
DoubleZero
ARGUEPATCH
ORCSHRED
SOLOSHRED
AWFULSHRED
Prestige - S1058
RansomBoggs
BidSwipe
ROARBAT
SwiftSlicer
NikoWiper
SharpNikoWiper
ZEROLOT
Sting wiper
Indicators of Compromise (7 / 20 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-SHA1 | 410c8a57fe6e09edbfebaba7d5d3e4797ca80a19 | — | 2026-02-02 | |
| FileHash-SHA1 | 472ca448f82a7ff6f373a32fdb9586fd7c38b631 | — | 2026-02-02 | |
| FileHash-SHA1 | 4ec3c90846af6b79ee1a5188eefa3fd21f6d4cf6 | — | 2026-02-02 | |
| FileHash-SHA1 | 4f8e9336a784a196353023133e0f8fa54f6a92e2 | — | 2026-02-02 | |
| FileHash-SHA1 | 69ede7e341fd26fa0577692b601d80cb44778d93 | — | 2026-02-02 | |
| FileHash-SHA1 | 86596a5c5b05a8bfbd14876de7404702f7d0d61b | — | 2026-02-02 | |
| FileHash-SHA1 | 9ec4c38394ea2048ca81d48b1bd66de48d8bd4e8 | — | 2026-02-02 |